8.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-24416

GHSA ID

GHSA-rjjw-g6hw-7pc9

EPSS Score

0.1521%

CWE

CWE-79

Published

2/11/2025

Updated

2/28/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-24416

CVE-2025-24416: Magento Stored Cross-Site Scripting (XSS) Vulnerability

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

(GitHub Advisory)

8.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-24416

GHSA ID

GHSA-rjjw-g6hw-7pc9

EPSS Score

0.1521%

CWE

CWE-79

Published

2/11/2025

Updated

2/28/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
magento/community-edition	composer	>= 2.4.7-beta1, < 2.4.7-p4	2.4.7-p4
magento/community-edition	composer	>= 2.4.6-p1, < 2.4.6-p9	2.4.6-p9
magento/community-edition	composer	>= 2.4.5-p1, < 2.4.5-p11	2.4.5-p11
magento/community-edition	composer	< 2.4.4-p12	2.4.4-p12
magento/community-edition	composer	= 2.4.7
magento/community-edition	composer	= 2.4.6
magento/community-edition	composer	= 2.4.5
magento/community-edition	composer	= 2.4.4
magento/community-edition	composer	= 2.4.8-beta1
magento/project-community-edition	composer	<= 2.0.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

**o** *omm*r** v*rsions *.*.*-**t**, *.*.*-p*, *.*.*-p*, *.*.*-p**, *.*.*-p** *n* **rli*r *r* *****t** *y * stor** *ross-Sit* S*riptin* (XSS) vuln*r**ility t**t *oul* ** **us** *y * low-privil**** *tt**k*r to inj**t m*li*ious s*ripts into vuln*r**l*

Reasoning

No *n*lysis *v*il**l*

8.7

Basic Information

Concerned about an active attack path?

CVE-2025-24416: Magento Stored Cross-Site Scripting (XSS) Vulnerability

8.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI